've
been asked quite a few times, "when will it be a good time to get into
cloud computing?" by potential clients. My answer is typically it
depends... I know, I know.... not much direction there, but really it
all depends. Why ?Well, some may state, "we all know of the much beaten security concerns, and we will ensure that systems on our end are secured and synced to work in tandem with the vendors' security."
Can one ensure some degree of monitoring by the implementation of an Intrusion Detection System (IDS) residing within the system hosting the gateway into the cloud?
The intent of such an implementation can be to monitor the cloud gateway system's software for anomalies, variances from expected traffic and quantity of access into an enterprise's cloud service.But will it be effective enough?
We all remember the buzz and the alarm over adopting the cloud that the occurred from the Bitbucket-EC2 debacle last year and the stories about the back and forth that left Bitbucket's services unavailable for an "eternity" in "internet time" until the EC2 team acknowledged an issue.
Were they hacked? They were DDoSed as most of you already know. Hacking as we know it today, is a for profit enterprise. But can hacking in the cloud become a common instance considering the large enterprises that are vendors, the clients they can or are providing services for, and the levels of security, disaster recovery and back up plans that these vendors claim are in place?
Maybe, but I believe that there is a good chance that any such instance can be caught and dealt with in a manner more expeditious due to the processes in place at these larger vendor facilities than it would at a smaller enterprise. I am not saying that a smaller enterprise can not mitigate an attack, just that the larger cloud vendor will have more resources to act with.
According to some, the cloud is a hackers trove of resources to say launch a DDoS attack. My question is then, to date how many such attacks have occurred with regard to a cloud deployment? Less than a dozen I believe in the last nine months, this simply because there is no real profit in a DDoS within this environment. Unless of course the aim for whatever reason is to stop traffic to a site and disrupt operations as in the case of Bitbucket.
Amazon's response to this situation was it was localized to this company's instance and no other enterprise sharing the system was affected. They further went on to state that they will provide guidance to companies to combat such an attack via Elastic Load Balancing and Auto-Scaling. If the enterprise affected was say a twenty man operation with no large customers to get on the horn to Amazon, would the outcome have been different? One can only hope that the answer to this is no, however as consumers we know the merits of shopping around, right?
So where does this leave us, is it reasonable to get some cloud services? Of course it is, cost savings aside,( in fact that will soon be a non-issue as this ecosystem matures) the general public is growing to expect real time satisfaction to their needs that are increasingly governed by IT.
As a result and in order to stay competitive, profitable and "in the game", enterprises will be driven to adopt some type of cloud service. A good start should be a private cloud and then scale out to a public or hybrid as needed, with of course effective SLA agreements.A good rule of thumb as many have mentioned -don't put anything into a public cloud that you cannot risk losing.
Market Confusion? As consumers or potential consumers of a cloud service customers are bombarded by the proliferation of cloud vendors and/or cloud services, or more correctly claims for services being offered. In order to get the best out of your cloud service, there must be a mutual understanding, agreement and clarity of need. Look at the offerings of multiple vendors and if feasible spread your requirements between vendors.
In order to ensure a level of comfort and security when it comes to cloud adoption and alleviate some concerns for end-users or tenants of the cloud; vendors need to dial back a bit on the marketing hype and focus more on real-time solutions that can be verified by neutral industry and/or academic researchers.
Everyone involved in IT want their cloud solutions to be effective and time managed and the for-profit sector expects a maximum ROI. In order to achieve a modicum of, across the board trusted computing, compatibility and success within this ecosystem; look to a consortium of vendors that are working toward ensuring that any design and implementation of a software stack across platforms maintains a level of vendor neutrality.
This will give an assurance of you the customers' best interest primarily and cloud vendor profit following, by a vendor's or vendors aim to design cloud applications for resilience, effective management of data and data replication as well as the expected latency that can occur between a spread of multiple providers.
No comments:
Post a Comment